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CLAIMS 



1. 



(Original) 



A method for recovering a data repository from a failure 



affecting a primary copy of the data repository, including the steps of: 

maintaining a secondary copy of data sufficient to recover the primary copy of the 
data repository and data items held thereon; 

in response to a failure affecting the primary copy of the data repository, recreating a 
primary copy of the data repository from the secondary copy; [[and]] 

using a restore process to restore data items to the primary copy from the secondary 
copy within a recovery unit of work, wherein data items restored to the primary copy of the 
data repository within the recovery unit of work are made inaccessible to processes other than 
the restore process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the primary copy of the data 
repository to enable addition of data items to the data repository independent of said restore 
step and to enable processes other than the restore process to retrieve said independently 
added data items; and 

in response to successful completion of the restore step, committing the recovery unit 
of work including releasing said inaccessibility of the restored data. 

2. (Currently Amended) [[A]] The method according to claim 1 , wherein maintaining 
the secondary data copy comprises storing a backup copy of the data repository and storing 
log records describing updates to the primary copy performed since the backup copy was 
stored; wherein recreating the primary copy of the data repository includes the step of 
copying data repository definitions from the backup copy and applying the definitions to 
recreate the primary copy; and wherein restoring data items to the primary copy comprises 
copying data items from the backup copy and replaying the log records to identify and 
reapply updates to the primary copy. 

3. (Currently Amended) [[A]] The method according to claim 1, wherein maintaining 
the secondary data copy includes storing log records that describe updates to the primary 
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copy, and wherein the step of restoring the primary copy of the repository includes the steps 
of: 

replaying the log records of operations performed on data items within the primary 
copy of the data repository[[,]]; 

caching log records relating to operations performed under syncpoint control within 
an original unit of work[[,]]; 

determining from the cached log records the state of the original units of work at the 
time of the failure[[,]]; and 

determining which of said syncpoint-controlled operations to perform within the 
recovery unit of work based on the determined state of the original units of work. 

4. (Currently Amended) [[A]] The method according to claim 3, including performing 
operations within the recovery unit of work in accordance with the following procedure: 

if the original unit of work was committed before the failure, performing the relevant 
operations of the committed unit of work; 

if the original unit of work was in-doubt when the failure occurred, performing the 
relevant operations of the in-doubt unit of work but marking the operations in-doubt; and 

if the original unit of work is neither committed nor in-doubt, discarding the cached 
operations. 

5. (Currently Amended) [[A]] The method according to claim 3, including discarding 
from the recovery unit of work any pairs of addition and deletion operations that comprise an 
addition of a data item to the primary copy of the data repository and a deletion of the same 
data item from the primary copy of the data repository, on condition that said addition and 
deletion operations were performed and committed before the failure. 

6. (Currently Amended) [[A]] The method according to Claim 5 any on e of th e 
prec e ding claim s, wherein the data repository is a message repository and the step of 
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restoring data to the primary copy of the data repository comprises performing message add, 
update and delete operations on the message repository. 

7. (Currently Amended) [[A]] The method according to claim 6, for performance within 
a messaging communication system, wherein maintaining the secondary data copy includes 
storing log records to describe updates to the primary copy, and wherein the step of restoring 
data to the primary copy of the repository includes the steps of caching log records relating to 
message add, update and delete operations performed under syncpoint control within an 
original unit of work, determining from the log records the state of the original unit of work 
at the time of the failure, and determining the operations to perform within the recovery unit 
of work based on the determined state of the original unit of work as follows: 

if the original unit of work is committed, performing the relevant message add, update 
and delete operations; and 

if the original unit of work is in-doubt, performing the relevant message add, update 
and delete operations but marking the operations in-doubt; and 

if the original unit of work is neither committed nor in-doubt, discarding the cached 
operations. 

8. (Currently Amended) [[A]] The method according to Claim 1 any one of the 
pr e c e ding claims , wherein data restored to the primary copy of the repository within the 
recovery unit of work is made inaccessible by setting a flag for each data item restored to the 
data repository, the flag indicating that the data item is not accessible. 

9. (Currently Amended) [[A]] The method according to claim 8, wherein the flag 
indicates a transactional state of the data item and wherein a process for retrieving data items 
from the repository is adapted to identify one or more predefined transactional states as 
inaccessible. 

10. (Currently Amended) [[A]] The method according to claim 8 or claim 9, wherein the 
flag comprises a byte value of a distinctive primary key allocated to the data item when the 
data item is restored to the data repository, the byte value being selected from a range of 
values indicative of the transactional state of the data item. 
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1 1 . (Currently Amended) [[A]] The method according to any on e of claims 8 to Claim 1 0, 
wherein the step of setting a flag comprises: 

setting a first flag for any data item for which the latest operation performed on the 
data item prior to the failure was a committed add operation which is to be restored to the 
data repository within the recovery unit of work; and 

setting a second flag for any data item for which the latest operation performed on the 
data item prior to the failure was an in-doubt add or delete operation which is to be restored 
to the data repository within the recovery unit of work. 

12. (Currently Amended) [[A]] The method according to claim 11, wherein the first flag 
comprises a byte value of a data item key selected from a first range of byte values 
representing a first transactional state and the second flag comprises a byte value of a data 
item key selected from a second range of byte values representing a second transactional 
state. 

13. (Original) A data communication system including: 

data storage for storing a primary copy of a data repository; 

secondary data storage for storing a secondary copy of data representing the data 
repository which secondary data is sufficient to recover the primary copy of the data 
repository and data held thereon; 

a recovery component for controlling the operation of the data communication system 
to recover from a failure affecting the primary copy of the data repository, wherein the 
recovery component is operable to control the data communication system to perform the 
steps of: 

recreating a primary copy of the data repository from the secondary copy; and 

using a restore process to restore data items to the primary copy from the secondary 
copy within a recovery unit of work, wherein data items restored to the primary copy of the 
data repository within the recovery unit of work are made inaccessible to processes other than 
the restore process until commit of the recovery unit of work; 
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prior to commit of the recovery unit of work, configuring the primary copy of the data 
repository to enable addition of data items to the data repository independent of said restore 
step and to enable processes other than the restore process to retrieve said independently 
added data items; and 

in response to successful completion of the restore step, committing the recovery unit 
of work including releasing said inaccessibility of the restored data. 

14. (Currently Amended) [[A]] The data communication system according to Claim 13, 
comprising a data communication system for transferring messages between a sender and a 
receiver, wherein messages are held in the data repository following a message send 
operation by the sender and the messages are subsequently retrieved from the data repository 
for delivery to the receiver, and wherein a backup copy of the data repository is created and 
log records are written to record message send and message retrieval events since creation of 
the backup copy, wherein the recovery component is adapted to control the data 
communication system to perform the following steps: 

in response to a failure affecting the data repository, restoring messages to the data 
repository by reference to the backup copy of the data repository which backup copy was 
created prior to the failure; 

prior to completion of the recovery processing, configuring the data repository to 
enable new messages to be added to the data repository and retrieved therefrom without 
awaiting completion of the recovery processing; and 

reapplying updates to the data repository corresponding to message send and message 
retrieval operations performed prior to the failure, by reference to log records created prior to 
the failure; 

wherein the steps of restoring messages to the data repository and reapplying updates 
to the data repository by reference to the backup copy and log records are performed within a 
recovery unit of work and the restored messages and reapplied updates are made inaccessible 
until all data repository updates corresponding to send and retrieve operations performed 
prior to the failure have been reapplied to the data repository. 
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1 5. (Currently Amended) A computer program product comprising program code 
recorded on a recording medium for controlling the operation of a data processing apparatus 
on which the program code executes to perform a method for recovering a data repository 
from a failure affecting a primary copy of the data repository, for use with a data processing 
apparatus having a secondary data storage and having a component for maintaining a 
secondary copy of data in the secondary data storage which secondary copy is sufficient to 
recover the primary copy of the data repository and data items held thereon, the method 
including the steps of: 

in response to a failure affecting the primary copy of the data repository, recreating a 
primary copy of the data repository from the secondary copy; [[and]] 

using a restore process to restore data items to the primary copy from the secondary 
copy within a recovery unit of work, wherein data items restored to the primary copy of the 
data repository within the recovery unit of work are made inaccessible to processes other than 
the restore process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the primary copy of the data 
repository to enable addition of data items to the data repository independent of said restore 
step and to enable processes other than the restore process to retrieve said independently 
added data items; and 

in response to successful completion of the restore step, committing the recovery unit 
of work including releasing said inaccessibility of the restored data. 

16 (Original) A computer program for controlling the operation of a data 

processing apparatus on which the program executes to perform a method for recovering a 
data repository from a failure affecting a primary copy of the data repository, wherein the 
data processing apparatus has a secondary data storage area and wherein the computer 
program includes a component for maintaining a secondary copy of data in the secondary 
data storage area which secondary copy is sufficient to recover the primary copy of the data 
repository and data items held thereon, the method including the steps of: 
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in response to a failure affecting the primary copy of the data repository, recreating a 
primary copy of the data repository from the secondary copy; and 

using a restore process to restore data items to the primary copy from the secondary 
copy within a recovery unit of work, wherein data items restored to the primary copy of the 
data repository within the recovery unit of work are made inaccessible to processes other than 
the restore process until commit of the recovery unit of work; 

prior to commit of the recovery unit of work, configuring the primary copy of the data 
repository to enable addition of data items to the data repository independent of said restore 
step and to enable processes other than the restore process to access said independently added 
data items. 
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